Prototype Pollution Vulnerability in RobinHerbots Inputmask Library
CVE-2026-16150
5.3MEDIUM
What is CVE-2026-16150?
A vulnerability has been identified in the RobinHerbots Inputmask library versions up to 5.0.9, specifically in the method extendDefaults/extendDefinitions/extendAliases located in lib/dependencyLibs/extend.js. This vulnerability allows attackers to manipulate object prototype attributes improperly. The exploitation can be executed remotely, posing a significant security risk. Although the project was notified about this issue through an early report, no response has been received so far.
Affected Version(s)
Inputmask 5.0.0
Inputmask 5.0.1
Inputmask 5.0.2
